CVE-2025-20804

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503...

PT-2026-1391

Name of the Vulnerable Software and Affected Versions dpe affected versions not specified Description A memory corruption issue exists in dpe due to a use after free condition. Successful exploitation of this issue could allow a malicious actor with System privileges to achieve local escalation o...

MediaTek Chip Security Breach

The MediaTek chips are a variety of MediaTek chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips due to a lack of valid range checking in the dpe module, which may allow out-of-bounds writes...

GHSA-8P5C-F836-M4H7 Magento 2 Community Edition XML Injection

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...